On 12/28/11 05:51, Jordon Bedwell wrote:
> On Wed, Dec 28, 2011 at 2:54 AM, Adam D. Barratt
> wrote:
>> On 28.12.2011 07:56, Patrick Geschke wrote:
>>> Hey,
>>>
>>> @Maintainers: What's the overall status of the package?
>>>
>>> According to php.net 5.3.8 is stable.
>>
>> 5.3.8 is in both testing a
* Jordon Bedwell:
> New upstream version is used pretty loosely here. I would hardly
> consider a bug fix release a new version. You guys treat versions as
> if they're a matter of national security, because 5.3.7 vs 5.3.8 is
> obviously gonna have some major major API changes and some way new
>
@live.com
> CC: j.andra...@gmail.com; j...@debian.org; debian-security@lists.debian.org
> Subject: Re: Vulnerable PHP version according to nessus
>
> On Wed, Dec 28, 2011 at 12:53:13PM +, Dave Henley wrote:
> > Thanks, I checked the CVEs against the changelogs and approx. 50%
thanks
Dave
> Date: Wed, 28 Dec 2011 15:31:53 +0200
> From: he...@nerv.fi
> To: dhenl...@live.com
> CC: j.andra...@gmail.com; j...@debian.org; debian-security@lists.debian.org
> Subject: Re: Vulnerable PHP version according to nessus
>
> On Wed, Dec 28, 2011 at 1
On Wed, Dec 28, 2011 at 12:53:13PM +, Dave Henley wrote:
> Thanks, I checked the CVEs against the changelogs and approx. 50% is covered.
> Is there a website of some sort to check what kind of CVEs have been patched?
> If nessus does not provide a reliable report, what is the best
Thanks, I checked the CVEs against the changelogs and approx. 50% is covered.
Is there a website of some sort to check what kind of CVEs have been patched?
If nessus does not provide a reliable report, what is the best next step to
take here?
Are there any howtos or tutorials on how to secure
On Wed, Dec 28, 2011 at 2:54 AM, Adam D. Barratt
wrote:
> On 28.12.2011 07:56, Patrick Geschke wrote:
>>
>> Hey,
>>
>> @Maintainers: What's the overall status of the package?
>>
>> According to php.net 5.3.8 is stable.
>
>
> 5.3.8 is in both testing and unstable - see
> http://packages.qa.debian.or
ueeze system along with apache2 and PHP5.
> > The system is fully up-to-date and the following php packages are
> installed=
>
> Nearly all Nessus checks are junk; they only check version
> numbers, but not whether a vulnerability has actually been fixed.
>
>
In order to try t
p-to-date and the following php packages are installed=
Nearly all Nessus checks are junk; they only check version
numbers, but not whether a vulnerability has actually been fixed.
Since we address security vulnerabilities with backports this
leads to numerous false positives.
Cheers,
Moritz
On 28.12.2011 07:56, Patrick Geschke wrote:
Hey,
@Maintainers: What's the overall status of the package?
According to php.net 5.3.8 is stable.
5.3.8 is in both testing and unstable - see
http://packages.qa.debian.org/p/php5.html
Debian stable doesn't generally get new upstream versions of p
On Wed, Dec 28, 2011 at 07:59:08AM +, Dave Henley wrote:
> When I scan my system for vulnerabilities with nessus I get the following
> high risk output:
>
> Synopsis: The remote web server uses a version of PHP that is affected by
> multiple vulnerabilities.
>
> Descr
Message-
From: Dave Henley [mailto:dhenl...@live.com]
Sent: Wednesday, 28 December 2011 08:59
To: debian-security@lists.debian.org
Subject: Vulnerable PHP version according to nessus
I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and
5.3.3-7+squeeze3
MySQL module for php5
ii php5-suhosin 0.9.32.1-1
When I scan my system for vulnerabilities with nessus I get the following high
risk output:
Synopsis: The remote web server uses a version of PHP that is affected by
multiple
esday, August 04, 2009 8:51 AM
To: Joseph Abbotts
Cc: debian-security@lists.debian.org
Subject: Re: Nessus to be removed from Debian, please switch to OpenVAS
- possibly in Non-Free repositories?
2009/8/4 Joseph Abbotts :
> I'm all for having more tools to help settle my healthy paranoi
he NBE into metasploit for
> exploit confirmation, it's a hard habit to give up. Any chance of seeing it
> in the Non-Free instead has upstream dropped its upkeep completely? (Boo
> Nessus.. Wish they'd have kept to the FOSS lower, value added retail upper
> model)
2009/8/4 Joseph Abbotts :
> I'm all for having more tools to help settle my healthy paranoia but I'm not
> seeing the server package:
Because, as I said in my email, this is only available in Unstable.
Openvas-server did not get released with Debian lenny (stable) and, in
any c
he NBE into metasploit for
exploit confirmation, it's a hard habit to give up. Any chance of seeing it in
the Non-Free instead has upstream dropped its upkeep completely? (Boo Nessus..
Wish they'd have kept to the FOSS lower, value added retail upper model)
Since I've been lurki
* Javier Fernandez-Sanguino (j...@debian.org) wrote:
> Actually, I rather not have Nessus shipped with any other Debian
> stable release as it is in the best interest of Debian and its users
> to only provide software that is actively being maintained upstream.
If someone picked it up to
2009/8/3 Simon Ward :
> I wasn’t meaning to put pressure on a single person. Sure, if there is
> enough demand, someone else, maybe me (although unlikely) could pick up
> package maintenance. I was merely expressing my opinion that there is
> still a need for Nessus 2 for a little
2009/8/3 Stephen Frost :
> * Tim Brown (t...@nth-dimension.org.uk) wrote:
>> I don't see what there is to gain by asking Javier to split his efforts in
>> continuing to maintain Nessus when he has expressed a preference to allow
>> OpenVAS to take its place and has made
On Mon, Aug 03, 2009 at 01:38:03AM +0100, Tim Brown wrote:
> 1) To the best of our knowledge OpenVAS is backwards compatible with Nessus
> 2,
> 3 and 4 feeds although legally use of the commercial feeds on anything other
> than Tenable's product is a grey area
Indeed, and bec
I am away from the office until Aug 4, 2009. If this is an emergency, please
contact Philip Young at pjyo...@dowco.com.
Thanks.
On 02-08-2009 17:14, Cyril Brulebois wrote:
> Javier Fernández-Sanguino Peña (02/08/2009):
>> I encourage people that are looking for an alternative to Nessus to switch to
>> OpenVAS (Open Vulnerability Assessment Scanner) which i
* Tim Brown (t...@nth-dimension.org.uk) wrote:
> I don't see what there is to gain by asking Javier to split his efforts in
> continuing to maintain Nessus when he has expressed a preference to allow
> OpenVAS to take its place and has made significant contributions to make th
rt any packages with versions affected by DSA something that isn't
possible with the GPL'd Nessus.
In specific relation to remote testing, it has almost everything the old
Nessus 2 GPL feed had plus a good deal more. There are a number of plugin
developers who are focussed only on th
On Sun, Aug 02, 2009 at 08:03:06PM +0200, Javier Fernández-Sanguino Peña wrote:
> I've recently requested Debian Ftp maintainers [1] to remove from the archive
> Nessus and all its related packages (nessus-core, nessus-libraries, libnasl
> and nessus-plugins). The main reason fo
Javier Fernández-Sanguino Peña (02/08/2009):
> I encourage people that are looking for an alternative to Nessus to switch to
> OpenVAS (Open Vulnerability Assessment Scanner) which is a Nessus fork (based
> on the 2.2.x branch) that is actively being maintained and is now available
Dear All,
I've recently requested Debian Ftp maintainers [1] to remove from the archive
Nessus and all its related packages (nessus-core, nessus-libraries, libnasl
and nessus-plugins). The main reason for this is that upstream is more
focused in maintaining its non-free version
On Tue, Oct 17, 2006 at 01:07:08PM -0700, headshot wrote:
> Thanks!
Is this a question? I provided a version of NessusClient (1.0.0.rc1) at
http://people.debian.org/~jfs/nessus/client/ but I have not received any
comments on it.
If you want to test it out, go ahead.
Regards
Jav
Thanks!
What version of nessus can i get using apt, i
already have 2.06 running fine, but would like to upgrade, also can someone give
me some advice on how to get update-nessus-plugins working.
this is the error i get when trying to update
using install-nessus.sh
This is the error i'm ge
On Thu, Mar 06, 2003 at 11:17:07AM -0300, Gustavo Franco wrote:
> Hi jfs,
Hi there.
>
> What's the relationship between these nessus 2.0 packages and the nessus
> 2.0.1 packages[1] of Josip Rodin at the experimental release?
>
These packages are not Josip
On Tue, 2003-02-25 at 08:17, Javier Fernández-Sanguino Peña wrote:
> For those of you who are not aware of it: Nessus 2.0.0 has been released
> just today [1]. I've bugged Joy about this (Bug# 182411) but in order to
> make his (and my) life easier I've made new 2.0.0 packag
On Tue, Feb 25, 2003 at 02:10:54PM +0100, Luis Gomez wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Martes, 25 de Febrero de 2003 13:53, Javier Fernández-Sanguino Peña wrote:
> > The nessus-plugin stuff is the source package, in order to make the
> > p
On Martes, 25 de Febrero de 2003 13:53, Javier Fernández-Sanguino Peña wrote:
> The nessus-plugin stuff is the source package, in order to make the
> packages yourself just do:
>
> $ dpkg-source -x nessus-plugins_2.0.0-1.dsc
On Tue, Feb 25, 2003 at 12:56:48PM +0100, Luis Gomez wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Great, but how about nessus-plugins?
>
> Your nessusd depends on nessus-plugins >= 1.3 , and Sarge provides
> nessus-plugins 1.0.something, I think,
Great, but how about nessus-plugins?
Your nessusd depends on nessus-plugins >= 1.3 , and Sarge provides
nessus-plugins 1.0.something, I think, so nessusd won't install.
I see some nessus-plugins files in your site (some gzipped stuff), d
For those of you who are not aware of it: Nessus 2.0.0 has been released
just today [1]. I've bugged Joy about this (Bug# 182411) but in order to
make his (and my) life easier I've made new 2.0.0 packages for Nessus (i386
only). Just wanted to drop a note here in case anybody else wan
Just FYI, people, I have packaged Nessus 1.3.3 for stable. These packages
(properly compiled in an unstable system of course) might be available in
experimental soon but, for the time being, you can find them at
http://people.debian.org/~jfs/nessus/1.3.3/
The packages are not tested thoroughly
Quoting Yven Leist ([EMAIL PROTECTED]):
> PS: I hope you are aware of the fact that testing is security-wise really
> the worst distribution to run, much worse than unstable!
This is what I've always understood to be the case: Package
quarantining means you don't get new software immediately u
the
> > > attacks manually using 'nasl name-of-the-script'
OK, I needed libnasl-dev for that apparently.
The plugin in question is apparently slmail_helo.nasl
Mmmm, doesn't seem to work...:
owl:/usr/lib/nessus/plugins# nasl slmail_helo.nasl
slmail_helo.nasl : Warning :
l server to
> > see if it really breaks. If it does: report upstream, if it doesn't
> > then it's a bug in the plugin: report to the nessus development team.
>
> Uh-oh, slowly now, I'm a complete newbie in these things... :-)
> How do I see if it brea
On Tuesday 15 October 2002 14:17, you wrote:
> On Tuesday 15 October 2002 13:56, Yven Leist wrote:
> > On Tuesday 15 October 2002 13:33, Kjetil Kjernsmo wrote:
> > > And I haven't been able to
> > > downgrade (hints are welcome! :-) ), but I do not have any testing
> > > or unstable
> >
> > Just pu
On Tuesday 15 October 2002 13:56, Yven Leist wrote:
> On Tuesday 15 October 2002 13:33, Kjetil Kjernsmo wrote:
> > Hi everybody!
> >
> > Now, I have finally configured all the security features that I wanted,
> > so last night, I launched a full Nessus attack against my
esn't
> then it's a bug in the plugin: report to the nessus development team.
Uh-oh, slowly now, I'm a complete newbie in these things... :-)
How do I see if it breaks?
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountainee
On Tuesday 15 October 2002 13:56, Yven Leist wrote:
> On Tuesday 15 October 2002 13:33, Kjetil Kjernsmo wrote:
> > And I haven't been able to
> > downgrade (hints are welcome! :-) ), but I do not have any testing
> > or unstable
>
> Just put the following in lines in /etc/apt/preferences
>
> Packag
On Tue, Oct 15, 2002 at 01:33:38PM +0200, Kjetil Kjernsmo wrote:
> Hi everybody!
>
> Now, I have finally configured all the security features that I wanted,
(...)
>
> Well, I don't know if I should be alarmed, I guess the whole reason for
> running nessus is to be alar
On Tuesday 15 October 2002 13:33, Kjetil Kjernsmo wrote:
> Hi everybody!
>
> Now, I have finally configured all the security features that I wanted,
> so last night, I launched a full Nessus attack against my server,
> hammering on it with the possibly harmful plugins too. It survi
Hi everybody!
Now, I have finally configured all the security features that I wanted,
so last night, I launched a full Nessus attack against my server,
hammering on it with the possibly harmful plugins too. It survived
that, but it also reports two vulnerabilities on the port 25. I'v
mail server to
> > see if it really breaks. If it does: report upstream, if it doesn't
> > then it's a bug in the plugin: report to the nessus development team.
>
> Uh-oh, slowly now, I'm a complete newbie in these things... :-)
> How do I see if it brea
This is nothing against the nessus package.
So, I really think and your email and your tone is inappropriate!
On Sun, Oct 13, 2002 at 02:35:45PM -0600, Orlando wrote:
> Do you really depend and/or expect to stay secure on a 'stable' release of
> '_a_' software?
> The d
On Sun, Oct 13, 2002 at 02:48:15PM +0200, WebMaster wrote:
> hi all,
>
>
> is there a monster bug in nessus for woody?
>
> i scanned a woody server from 2 different hosts (woody server also)
(...)
> it detected a trinoo for linux
The 'trinoo' test in Nes
asshole for assuming and
implying nessus sucked .. it is a matter of opinion but state something
reasonable to backup it up at least.
On Sunday 13 October 2002 08:45 am, WebMaster wrote:
> > Isn't the nessus in Debian quite old ? I think, there were newer
>
> ness
On Sun, 2002-10-13 at 16:45, WebMaster wrote:
> > Isn't the nessus in Debian quite old ? I think, there were newer
> nessus
> > packages at the following sources:
> >
> > -- deb http://www.srce.hr/~joy/nessus1.2/ ./
> > deb-src http://www.srce.hr/~joy/nessus
> Isn't the nessus in Debian quite old ? I think, there were newer
nessus
> packages at the following sources:
>
> -- deb http://www.srce.hr/~joy/nessus1.2/ ./
> deb-src http://www.srce.hr/~joy/nessus1.2/ ./
I'll install this version
it's sure the woody version is a bogus v
On Sun, 2002-10-13 at 14:48, WebMaster wrote:
> hi all,
>
>
> is there a monster bug in nessus for woody?
>
> i scanned a woody server from 2 different hosts (woody server also)
>
>
>
> yesterday from the fresh host 1 (fresh install)
>
>
> L
hi all,
is there a monster bug in nessus for woody?
i scanned a woody server from 2 different hosts (woody server also)
yesterday from the fresh host 1 (fresh install)
List of open ports :
ssh (22/tcp) (Security notes found)
general/tcp (Security warnings found)
unknown (27444